Driven by ensuing international legislation and regulations surrounding mandatory privacy breach notification, it has become imperative to understand an organization's privacy obligations with respect to the personally identifiable information that the organization holds. This is predicated on the maxim: “you can't manage what you can't measure”. In other words, an organization must have a clear understanding of what types of data it is trying to manage, whether or not its data is subject to the new legislation, how the data is affected and what type of risk value should be assigned to it, what steps should be taken if a loss were to occur, and so on. None of this can happen without a comprehensive inventory of the organization's data, regardless of its type and intended usage.
There is as yet no comprehensive system that fully meets all of the objectives of creating a secure and accurate database to inventory an organization's private or sensitive personally identifiable information (“PII”), automatically classify each piece of PII, monitor all accesses, edits, deletions and other modifications of PII, assess risk and generate alerts and notifications when a breach of any PII occurs, and generate summary reports.